They come in the mail — ominous-looking envelopes that are devoid of branding and obvious marketing embellishments. Plain white, marked with often-unrecognizable return addresses, and relatively thin — the contents of which will spoil your day and cause you to lose yet a bit more faith in humanity. No, it’s not a tax bill; rather, it’s yet another notice that a company you’ve trusted to handle your personal information has been breached, and your data has been stolen.
As you read through the letter, you immediately recognize the format — short, devoid of any real explanation, potentially some attempt to downplay the seriousness of data that may now be in the hands of criminals, and a generally uncomfortable sense of routineness to it. Of course, you’ll be offered some form of free credit monitoring (for the next year or two), with the promise that some league of identity theft warriors will be there to defend your good name when, and if, the day comes that you need them.
However, you’re smarter than you’re given credit for — you understand that the damage is done, and there’s little you can do to put the genie back in the bottle. Sadly, once your personal information has been stolen, it’s difficult, if not impossible, to unwind the impacts. While passwords can be changed, your government-issued identifiers (e.g. Social Security Number), date of birth, healthcare records, biometrics and various other forms of data are often with you for life. Even data that can be changed, such as banking and financial information, is far from simple to address, and the impacts of which are systemic throughout various often-longstanding relationships you may hold with umpteen institutions.
While you stare at the letter, the same thought goes through you ..